IN THE CLAIMS:

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

LISTING OF CLAIMS:

1. (original) A gateway for mobile access, comprising:

a foreign agent that receives user profile data and session state data from a home 
authentication, authorization and accounting (AAA) system of a mobile node; 

at least one dynamic packet filter that performs multi-layer filtering based on the 
user profile data; 

wherein the foreign agent transfers a session from a first network to a second
network without session interruption, using the session state data, when the mobile node
moves from the first network to the second network, and

the foreign agent uses the dynamic packet filter to permit Internet access by the 
mobile node without passing Internet data requested by the mobile node through a 
network in which the home AAA system is located. 

2. (original) The gateway of claim 1, further comprising a MAC-address- 
based filter which blocks packets except for authentication packets that are used to 
authenticate mobile nodes. 

3. (original) The gateway of claim 1, wherein the dynamic packet filter 
performs network layer filtering and one of the group consisting of transport layer 
filtering and application layer filtering. 

4. (original) The gateway of claim 1, further comprising a non-volatile 
storage device in which the user profile data are stored. 

5. (original) The gateway of claim 1, wherein the non-volatile storage device
has a database that stores state information for each active user session.

6. (original) The gateway of claim 1, wherein the gateway is coupled to at
least one access point, and the gateway transmits from a AAA server in the gateway to
the access point an identification of whether a mobile node in communication with the
access point is successfully authenticated by the AAA server.

7. (original) The gateway of claim 1, wherein the gateway exchanges AAA
data with the home AAA system of the mobile node by way of the Internet, and the
gateway provides Internet access to the mobile node without passing Internet data
requested by the mobile node through the network of the home AAA system.

8. (original) The gateway of claim 7, wherein the gateway relays remote
authentication dial-in user service packets to the home AAA server.

9. (original) The gateway of claim 1, wherein the gateway has a foreign
agent that communicates with the home AAA system of the mobile node, and the foreign
agent is capable of operating in a relay mode, in which the foreign agent forwards packets
to the home AAA of the mobile IP node for authentication, or in a standalone mode, in
which authentication computations for the simple IP mobile node are performed in the
gateway.

10. (original) The gateway of claim 1, the user profile data include per-user
policies dynamically obtained from the home AAA server of the mobile node and the
gateway further the dynamic packet filter is included in a firewall that uses packet
filtering rules that depend on the per-user policies.

11. (original) The gateway of claim 10, wherein the firewall includes rules
that check a media access control address associated with each received packet.

12. (original) The gateway of claim 1, further comprising an 802.11 access
point contained within or attached to a housing of the gateway.

13. (original) The gateway of claim 1, further comprising a wireless modem
contained within or attached to a housing of the gateway.

14. (original) The gateway of claim 1, further comprising:

an 802.11 access point contained within or attached to a housing of the gateway;
and

a wireless modem contained within or attached to a housing of the gateway.

15. (original) A gateway for mobile access, comprising:

a foreign agent that receives user profile data from a home authentication,
authorization and accounting (AAA) system of a client, when the client establishes a
session with the gateway;

a dynamic packet filter that performs multi-layer filtering based on the user
profile data;

an access point contained within or attached to a housing of the gateway, for
communication between the gateway and the client; and

a wireless modem contained within or attached to a housing of the gateway,
wherein the gateway is mobile, and the modem permits wireless communication between
the gateway and a wireless network.

16. (original) The gateway of claim 15, wherein the gateway provides
Internet access to the client without passing Internet data requested by the client through
a network containing the home AAA system of the client.

17. (currently amended) The gateway of claim 15, wherein the foreign agent is
capable of obtaining a new IP address when the gateway moves from a first
network to a second network.

18. (original) The gateway of claim 16, wherein, the foreign agent is capable
of advertising the new IP address to the client.

19. (original) The gateway of claim 15, wherein the dynamic packet filter
performs network layer filtering and one of the group consisting of transport layer
filtering and application layer filtering.

20. (original) The gateway of claim 15, further comprising a non-volatile
storage device that stores the session state data, and means for transmitting the stored
session state data to the client if the client loses a connection with the gateway and
resumes the connection with the gateway.

21. (withdrawn) A gateway for mobile communications, comprising:

a router connectable to a network;

means for interrogating a authentication, authorization and accounting (AAA)
server with which a mobile node is associated, to determine to which network resources
the gateway permits the mobile node access, and to determine a set of one or more
user-specific firewall policies associated with the mobile node;

a firewall capable of implementing the set of user-specific firewall policies
associated with the mobile node.

22. (withdrawn) The gateway of claim 21, wherein:

the interrogating means obtains AAA data associated with the mobile node from
the home AAA server each time the mobile node begins operating in the proximity of the
gateway, and

the firewall dynamically updates the user-specific firewall policies each time the
AAA data for the mobile node are obtained.

23. (withdrawn) The gateway of claim 21, wherein the home AAA server of
the mobile node is a 3G AAA server.

24. (withdrawn) The gateway of claim 21, wherein the gateway has a port for
directly or indirectly connecting an 802.11 access point.

25. (withdrawn) A method for controlling mobile access, comprising the steps
of:

obtaining user profile data of a mobile IP node from a home authentication,
authorization and accounting (AAA) server of the mobile IP node, to determine whether
the mobile IP node is registered to access a network by way of a gateway;

performing multi-layer filtering based on the user profile data;

transferring a session from a first network to a second network in which the
mobile IP node is located without session interruption, when the mobile node moves to
the second network; and

providing Internet access to the mobile IP node without passing Internet data
requested by the mobile IP node through the a network in which the home AAA server is
located.

26. (withdrawn) The method of claim 25, further comprising using packet
filtering rules that depend on per-user policies dynamically obtained from the home AAA
server of the mobile node.

27. (withdrawn) The method of claim 25, further comprising connecting the
gateway to the Internet by a path other than by way of a third generation core network.

28. (withdrawn) A method for mobile communications, comprising the steps
of:

interrogating a authentication, authorization and accounting (AAA) server of a
mobile node, to determine to which network resources the gateway permits the mobile
node access, and to determine a set of one or more user-specific firewall policies
associated with the mobile node, the interrogating being performed each time the mobile
node begins operating in the proximity of a gateway;

implementing the set of user-specific firewall policies associated with the mobile
node in the gateway; and

dynamically updating the user-specific firewall policies each time the AAA server
for the mobile node is interrogated.

29. (original) A computer readable medium encoded with computer program
code, wherein, when the code is executed by a processor, the processor performs a
method for controlling mobile access, comprising the steps of:

filtering incoming packets based on a media access control address of each packet;

obtaining user profile data of a mobile IP node from a home authentication,
authorization and accounting (AAA) server of a mobile IP node, to determine whether the
mobile IP node is registered to access a network by way of a gateway;

performing multi-layer filtering based on the user profile data;

transferring a session from a first network to a second network in which the
mobile IP node is located without session interruption when the mobile node moves to
the second network; and

providing Internet access to the mobile IP node without passing Internet data
requested by the mobile IP node through a network in which the home AAA server is
located.

30. (withdrawn) A computer readable medium encoded with computer
program code, wherein, when the code is executed by a processor, the processor performs
a method for mobile communications, comprising the steps of:

interrogating a home authentication, authorization and accounting (AAA) server
of a mobile node, to determine to which network resources the gateway permits the
mobile node access, and to determine a set of one or more user-specific firewall policies
associated with the mobile node, the interrogating being performed each time the mobile
node begins operating in the proximity of a gateway;

implementing the set of user-specific firewall policies associated with the mobile
node in the gateway; and

dynamically updating the user-specific firewall policies each time the AAA server
for the mobile node is interrogated.